Thursday, February 3, 2011

How to Fix Server Application Unavailable’ Error

Microsoft identified an issue with the MS03-32 Security Update for Internet Explorer security patch and ASP.NET 1.0 running on Windows XP. This patch can be installed manually or by obtaining recent critical updates from the Windows Update site.The symptom of this issue is that after installing the patch on a Windows XP machine, all requests to ASP.NET applications running on the local IIS 5.1 web server result in an error message saying “Server Application Unavailable”. Requests to remote web servers are unaffected.This issue only impacts installations running ASP.NET 1.0 on Windows XP. It does not impact machines running Windows 2000 or Windows Server 2003. It also does not impact machines running Windows XP with ASP.NET 1.1 installed.Please note that this issue is not a security bug with ASP.NET. It does not open up or allow any malicious attacks against an ASP.NET application or server. Instead, it is purely a functional bug caused by the patch itself.We are working hard on a permanent solution for this issue. In the meantime, you can execute the following batch file as a workaround for the issue. The batch file does the following:

Stops the IIS and ASP.NET state services

Deletes and recreates the ASPNET account with a known temporary password

Uses the Windows runas command to launch an executable that creates an ASPNET user profile

Re-registers ASP.NET. This creates a new random password for the account and applies default ASP.NET access control settings for it

Restarts the IIS service

The batch file contains a hardcoded temporary password of “1pass@word” which you will be prompted to enter for the runas command when the batch file is run. After the runas command completes, the ASPNET account password is recreated with a strong random value. Note that the batch file may fail if the hardcoded password does not meet the password complexity requirements in your environment. If that's the case, you can change it to another value that is appropriate for your environment.

Important note: If you have added custom access control settings or database account permissions for the ASPNET account, they will need to be recreated after this batch file completes. This is because when the account is recreated, it will get a new security identifier (SID).

Important note: If you are running the ASP.NET worker process with a custom account other than the ASPNET account, then you should not run this batch file. Instead, you should log in interactively or use the runas command with that account which will create a user profile for that account.

The batch file is included in the self-extracting archive below. To use it: